Skip to main content
antwes
antwes
New Member
May 16, 2022
Solved

Dual VPN using independent WAN connections

  • May 16, 2022
  • 1 reply
  • 3717 views

Hi all,

 

On a vessel I'm working on, I've got two internet connections connected to WAN1 and WAN2. I'd like to have two VPN connections, using one of the WAN connetions each.

 

WAN1 (Production VPN, Internet access)

Fixed IP: 10.241.105.192 / 255.255.255.240
Gateway: 10.241.105.193

 

WAN2 (Development VPN)

DHCP: 94.234.190.55 / 255.255.255.240

Gateway: 94.234.190.49

 

Production VPN: Site-to-Site VPN with vessel behind NAT

Development VPN: Remote Access using FortiClient

 

I have configured Static Route as this:

antwes_0-1652686402967.png

Production VPN and general internet access for from WAN1 works as expected - But how should I get the Development VPN working on WAN2?

 

The Incoming Interface for the Development VPN is set to WAN2. I understand I need a Gateway assiociated with WAN2, so I tried to add this as a Policy Route as below, but without success.

antwes_1-1652688364948.png

I'm not sure if I'm doing the above correct?

Is there anything else I need to configure to achive functionality of Development VPN over WAN2?

 

Looking forward to any advice, thanks!

 

Best answer by seshuganesh

Hi Team,

 

As my colleague said you need to have route towards internet for wan2 as well.

PFA

seshuganesh_0-1652693984378.png

Create one more static route, In place of interface select wan2 and in advanced settings same tab, keep priority as "1"

please check if the issue is resolved

 

1 reply

akristof
Staff
akristof
Staff
May 16, 2022

Hello,

 

Thank you for your question. If you have VPN associated with wan2, you will need to have route in routing-table to the remote-gw. And this should be enough to allow VPN to negotiate. In your case, policy-route will not work at all.

 

So if your VPN has remote-gw 1.1.1.1 you need to have route towards 1.1.1.1/32 via wan2 with correct gateway.

    antwes
    antwesAuthor
    New Member
    May 16, 2022

    Hi Adrian,

     

    Many thanks for your answer.

     

    It's the first time for me working with Fortigate and I'm not an IT tech really. If you have time, would you please descibe more exact what steps I need to take in order to add to the routing table? Also how to change the remote gateway of the VPN to 1.1.1.1 if that is needed too.

     

    Thanks a million.

    Anton

    akristof
    Staff
    akristof
    Staff
    May 16, 2022

    Hi,

    Sure. Some links:

    How to create static route

    https://docs.fortinet.com/document/fortigate/7.2.0/administration-guide/626338/adding-a-static-route

    This is needed for VPN to know how to reach remote-gw.

    For VPN info, probably this is good guide:

    https://docs.fortinet.com/document/fortigate/6.0.0/handbook/276731/gateway-to-gateway-configuration

    If you will have any problems, you can share example from your config and based on that we can advice.

    Terms & ConditionsAccessibility statement